DNS Forwarding problem?
  •  
leonardo

I use Kerio Winroute Firewall to share Internet access across a 6-PC LAN.

All PCs on the LAN point to 192.168.1.1 (the KWF server) as the primary DNS server. There are a few domains I am able to access by name, but many of them (~60%) are only accessible by numerical IP address. The only exception is the firewall host, which is able to access everything (so I'm assuming it's a forwarding issue and not my ISP's DNS server).

Sometimes I get redirected to the default search engine displaying results for the URL, sometimes it just reports that the server is unaccessible. Since DNS isn't being resolved properly, I can't even ping/traceroute by name to further inspect the problem.

Anyone have any ideas?

Thanks in advance,
Leo
  •  
leonardo

Just in case anyone is curious, an obvious fixaround was editing the DHCP scope in KWF to assign my ISP's DNS across the network and disabling the DNS Forwarder altogether.

Everything is working fine now, but I'd still like to know why KWF isn't properly forwarding DNS requests.
  •  
Kerio_ktrumbull

leonardo wrote on Mon, 10 April 2006 17:48

Everything is working fine now, but I'd still like to know why KWF isn't properly forwarding DNS requests.

Probably a configuration error. Please submit a ticket if you require technical support: http://support.kerio.com

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
kesleri

So you are saying you got another firewall which shares the internet and you installed KWF on another PC for DNS Service, in this case try to put your ISP provided DNS server.

And are the DNS IPs in KWF the same as your ISP's? Many ISPs block their DNS service from another network...
  •  
leonardo

The way I had it set up is with KWF managing NAT/firewall/DHCP on the LAN. I had decided to use the built-in DNS Forwarder, so the DHCP server sent the KWF host IP address to all PCs as the primary (and only) DNS server. The DNS Forwarder was responsible for forwarding DNS requests to the ISP's DNS servers, which were obtained by DHCP from my ISP.

This configuration would cause frequent errors where around half of the addresses I tried to access by name would simply and instantaneously cause an error (i.e. 'Server Not Found'). Accessing by IP address worked fine, so the problem wasn't packet loss along the way or anything. One thing I hadn't mentioned is this wasn't limited to HTTP, I also had problems in resolving IRC server addresses, among other services.

As soon as I disabled DNS Forwarding and told KWF's DHCP to distribute my ISP's DNS servers across the network so they could be accessed directly, there were no more errors. These were theoretically the same servers being forwarded to in the first place, since I retrieved them running 'ipconfig /all'.

I can't really see how this could be a configuration problem. I had all types of filtering and restrictions turned off. I can't think of anything that interfered with the forwarding of some requests and the errors in others.

Since everything is working, I'm happy for now, but if my ISP ever changes the IP address of its DNS servers, I'll have to reconfigure KWF.

[Updated on: Wed, 12 April 2006 18:58]

  •  
kesleri

I think there is a configuration error in which you just blocked your own KWF from accessing the DNS service, try to free ports related to the DNS service.
Also you would want to take a look in Advanced setting, something could go wrong there with DNS forwarding. Try checking the boxes and see what happens until you find the problem.
  •  
mct62

I would like to report that I have exactly the same experience. Based on my tests today, I believe it is a Kerio problem. My setup appears to mirror Leonardo's setup exactly, and I report an identical behaviour: DNS queries run through the forwarder plugin in Kerio don't always work reliably.

I found this today when I went to login to www.yahoo.com and my browser said it couldn't connect.

I have had Kerio 6.2 eval running now for the last few days since I set it up. It has been working fine, and I had not made any new rule changes recently. I confirmed using nslookup that Kerio would not resolve the query for "www.yahoo.com". I tried the query running *through* the firewall (i.e. via a NATTED connection to external DNS servers), and that worked fine.

Mysteriously, before I got much further, it started working again through the plugin, and I couldn't fault it. So I think there is an intermittent problem where the DNS forwarder in Kerio somehow gets itself snagged, and so it isn't reliable.

I have DNS caching and other options switched off on Kerio, so it's just doing a simple, pure forward to a list of two ISP name servers.

I'm not sure what additional info I could provide to help you get to the bottom of this?

-- Milt
  •  
Kerio_ktrumbull

My first suggestion would be to submit a support ticket: http://support.kerio.com

My second suggestion is when you see the DNS issue occurring, turn off WinRoute and try to do your DNS query again. If it still does not work with WinRoute turned off then it's not a WinRoute issue. If you turn off WinRoute and it does work, then you turn WinRoute back on and it doesn't work, submit a support ticket.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
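
The isolation test discussed in the posts above (ask for the same name through the WinRoute DNS Forwarder and directly from an external server, then see which side fails) can be scripted so that an intermittent fault is logged with a timestamp. This is an added example, not part of the original thread and not Kerio code; the function names are illustrative and the upstream address 192.0.2.53 is a placeholder for the ISP's DNS server.

```python
import secrets, socket, struct, time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """Encode a recursive A-record query for `name` (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return (status, answer_count) from a raw DNS reply."""
    if len(data) < 12:
        return ("MALFORMED", 0)
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or not a response
        return ("MISMATCH", 0)
    rcode = flags & 0x000F
    return (RCODES.get(rcode, "RCODE%d" % rcode), an)

def ask(server, name, timeout=2.0):
    """Send one UDP query to server:53; failures are reported, not raised."""
    qid = secrets.randbelow(0x10000)  # unpredictable ID per query
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # only replies from this peer are accepted
            s.send(build_query(name, qid))
            return parse_reply(s.recv(512), qid)
        except OSError:  # timeout, port unreachable, or no route
            return ("NO-REPLY", 0)

def verdict(via_forwarder, via_upstream):
    """Classify one paired probe so the log shows which side failed."""
    def ok(r):  # NOERROR with zero answers does not count as resolved
        return r[0] == "NOERROR" and r[1] > 0
    if ok(via_forwarder) == ok(via_upstream):
        return "both-ok" if ok(via_upstream) else "both-fail"
    return "forwarder-fault" if ok(via_upstream) else "upstream-fault"

if __name__ == "__main__":
    FORWARDER = "192.168.1.1"  # KWF host address from the first post
    UPSTREAM = "192.0.2.53"    # placeholder: substitute the ISP's DNS server
    while True:  # run until interrupted, then search the log for "forwarder-fault"
        for name in ("www.yahoo.com",):
            f, u = ask(FORWARDER, name), ask(UPSTREAM, name)
            print(time.strftime("%H:%M:%S"), name, f, u, verdict(f, u))
        time.sleep(30)
```

A run of "forwarder-fault" lines while the upstream column stays NOERROR is the evidence a support ticket needs; "both-fail" points at the ISP or the link instead.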
  •  
mct62

Thanks for the response...as per your second point, you will see from my earlier message that effectively I have already done this and proved that the problem is with Kerio, not with external DNS resolution.

I will submit a trouble ticket.